The use of salt, today, is to prevent the attacker from directly seeing
who has same passwords. Of course it also will make a rainbow table
attack less useful, but then again, no one uses rainbow tables anymore
since it takes about few minutes to brute force a password in the cloud
or on your home computer GPU. SHA512-CRYPT uses by default 4000 rounds
on dovecot, to make it more computationally expensive, but still it's
not very strong protection anymore.
MD5 with or without salt can be attacked at passwords per second speed,
so using CRAM-MD5 of DIGEST-MD5 is very very poor choice. Anything with
MD5 should not be used for passwords these days.
With Dovecot 2.3 we are making BLF-CRYPT available on all platforms, and
also adding support for ARGON2 when you have libsodium available.
Aki
On 27.10.2017 09:44, j.emerlik wrote:> Aki,
> if I understand it well, salt is useful when database is/was stolen ?
> Then thief can use eg. rainbow tables to decrypt passwords.
> Regards,
> Jack
>
> 2017-10-27 7:42 GMT+02:00 Aki Tuomi <aki.tuomi at dovecot.fi>:
>
>>
>> On 27.10.2017 08:37, @lbutlr wrote:
>>> On 25 Oct 2017, at 03:11, Aki Tuomi <aki.tuomi at dovecot.fi>
wrote:
>>>> SHA512-CRYPT and PLAIN/LOGIN with SSL.
>>> I?m happy with SHA256-CRYPT and PLAIN/LOGIN.
>>>
>> Yes. SHA256-CRYPT is good too. It was just recommendation over using
>> CRAM-MD5, use anything with salt.
>>
>> Aki
>>